Azure Web Site - Possible to make viewable to IP range only?

Question

I have several web sites running on the WAWS platform, and I cannot figure out if its possible to have a web site setup in the Shared space and then have it visible to only a certain IP range.

Long story short, we have a hard IP range here and it would be nice to be able to have azure sites that are only accessible by that range of addresses.

Thanks!

Answer 1

You can achieve this by defining a specific IP or range in your web.config as follows:

<security>
    <!-- deny everybody -->
   <ipSecurity allowUnlisted="false">
        <!-- "clear" removes all upstream restrictions -->
       <clear/>
        <!--permit network 199.199.199.0 to 199.199.199.255-->
       <add ipAddress="199.199.199.0" subnetMask="255.255.255.0" allowed="true"/>

        <!--permit IP 199.199.199.12 only-->
        <add ipAddress="199.199.199.12" allowed="true"/>
   </ipSecurity>
</security>

EDIT 1

It seems ipSecurity is not enabled out of the box for Azure Websites, thanks @astaykov. I'll leave this solution here in case it can be added, otherwise it may be necessary to host on a XS Web-Role and use the following solution.

Does Azure support <ipsecurity/> in web.config?

EDIT 2

In case you missed @spankmaster79 comments below, this appears now to be supported http://azure.microsoft.com/blog/2013/12/09/ip-and-domain-restrictions-for-windows-azure-web-sites/.

Answer 2

The easiest way I could think of was using the ipSecurity element. But I just made a quick test and it seems to be ignored by the Azure Web Sites. So, you have to either give anyone access, or implement it on your own in the Web Application. I just wonder whether you get the real IP address or the IP Address of the ARR that routes the traffic to your site.